webinos security privacy
DESCRIPTION
An introduction to the security and privacy principles of webinos and the core security architectural principles Presented by John Lyle of The University of OxfordTRANSCRIPT
![Page 1: webinos Security privacy](https://reader036.vdocuments.net/reader036/viewer/2022082921/5561ee7fd8b42aa5068b55d7/html5/thumbnails/1.jpg)
Security and privacy
![Page 2: webinos Security privacy](https://reader036.vdocuments.net/reader036/viewer/2022082921/5561ee7fd8b42aa5068b55d7/html5/thumbnails/2.jpg)
Background
webinos creates networks of personal devices and exposes them to web applications.– Potential attack vector for malware– Potential for a loss of privacy
webinos must be designed to protect stakeholders (primarily users) and be implemented securely
![Page 3: webinos Security privacy](https://reader036.vdocuments.net/reader036/viewer/2022082921/5561ee7fd8b42aa5068b55d7/html5/thumbnails/3.jpg)
This presentation
1. Goals for security and privacy in webinos
2. Focus on:1. One device
2. The personal zone
3. Inter-user security and privacy
3. Conclusions and future directions
![Page 4: webinos Security privacy](https://reader036.vdocuments.net/reader036/viewer/2022082921/5561ee7fd8b42aa5068b55d7/html5/thumbnails/4.jpg)
Goals
1. Protect user data, devices and services
2. Balance security mechanisms against control and freedom
3. Provide a consistent user experience
4. Allow for management of applications, data and devices
5. Take into consideration other stakeholders
![Page 5: webinos Security privacy](https://reader036.vdocuments.net/reader036/viewer/2022082921/5561ee7fd8b42aa5068b55d7/html5/thumbnails/5.jpg)
Security and privacy on one device
API access mediated by an XACML-based security policy architecture– Based on WAC and BONDI– Extended for multi-device scenarios– Extended with privacy controls (TBD)
Application signing– Widgets – based on WAC and W3C
drafts/standards– Websites – SSL certificates
Local authentication
![Page 6: webinos Security privacy](https://reader036.vdocuments.net/reader036/viewer/2022082921/5561ee7fd8b42aa5068b55d7/html5/thumbnails/6.jpg)
Personal zones
Device authentication– Public key infrastructure for every device– PZH acts as a certificate authority– Enrolment of new devices
Secure communication OpenID authentication of users Policy synchronisation PZH interface to manage zones
![Page 7: webinos Security privacy](https://reader036.vdocuments.net/reader036/viewer/2022082921/5561ee7fd8b42aa5068b55d7/html5/thumbnails/7.jpg)
Communication between users
Personal zones can be bridged for inter-user communication
Authentication– User identity expressed through OpenID /
WebFinger / social network– Enables certificate exchange
Authorisation– Policies mediate access to APIs and services
![Page 8: webinos Security privacy](https://reader036.vdocuments.net/reader036/viewer/2022082921/5561ee7fd8b42aa5068b55d7/html5/thumbnails/8.jpg)
Conclusion
Consistent, straightforward security framework
Building on existing work, introducing personal zones
In the future:– Interfaces– Better privacy management, expression– Integration of secure hardware?– More tools for users and developers